What is required for auto detection and negotiation of NAT when establishing a VPN link?
- Both VPN end devices must be configured for NAT.
- No ACLs can be applied on either VPN end device.
- Both VPN end devices must be NAT-T capable.
- Both VPN end devices must be using IPv6.
Explanation: Establishing a VPN between two sites has been a challenge when NAT is involved at either end of the tunnel. The enhanced version of original IKE, IKE version 2, now supports NAT Traversal (NAT-T). NAT-T has the ability to encapsulate ESP packets inside UDP. During IKE version 2 Phase 1, the VPN end devices can detect whether the other device is NAT-T capable and whether either device is connecting through a NAT-enabled device in order to establish the tunnel.
Exam with this question: CCNA Security Final Exam Answers
Please login or Register to submit your answer